[Zope-PTK] can't add loginmanager below root

[Shane Hathaway]

Ty Sarna wrote:
> Sorry for the delay. I'm just now cacthing up on all my zope-related
> mail. I've applied this patch, and it will be in the release tonight.
> However, I am a bit concerned about what happens if _owner is deleted.
> For purposes of setuid code, we'd like to use the owner as the user to
> setuid to, but if we can't force it to be the right user, that could be
> a problem. This will definately need more thought.

There is code in the security machinery that actually tries to delete
the _owner attribute.  Actually, that's where LoginManager was failing,
since the machinery was not able to delete the attribute.  It deletes
it only when it can see that the proper way to handle ownership is
implicitly (through acquisition) rather than explicitly.  When
LoginManager is added to the root folder, the superuser owns it.  When
added anywhere else, the user who added it owns it.

Regarding setuid: I looked at proxy roles again recently.  It would
appear to me, and I may be wrong, that they do indeed work like they
used to--the only difference is that proxy roles don't *add* to the
user's roles, they *replace* them.  So they can be used to both
increase and decrease privileges.  That's what Jim was talking about. 
A very logical approach IMHO.

Shane